Reading Time: 2 minutes
- North Korean hackers Lazarus Group have infiltrated the npm ecosystem with six new malicious packages
- These packages have been designed to steal credentials and deploy backdoors in order to siphon cryptocurrencies
- Researchers have identified the use of typosquatting tactics to deceive developers
The notorious Lazarus Group has targeted the npm (Node Package Manager) ecosystem by introducing six malicious packages in an attempt to steal cryptocurrencies. Discovered by the research team at The Socket, these packages aim to compromise developer environments, steal sensitive information, and deploy backdoors. The group has employed typosquatting tactics, creating packages with names similar to legitimate libraries to deceive developers into integrating them into their projects.
Developers Explicity Targeted
The npm is a vast and widely used repository of open-source JavaScript packages, and Lazarus clearly wants to take advantage of its popularity, uploading six malicious packages with names similar to existing packages:
- `is-buffer-validator`
- `yoojae-validator`
- `event-handle-package`
- `array-empty-validator`
- `react-event-dependency`
- `auth-validator`
These packages have been collectively downloaded over 330 times, posing a significant threat to developers who may have unknowingly integrated them into their projects.
The Lazarus Group utilized typosquatting tactics, creating package names that closely resembl